ID CVE-2015-2939 Type cve Reporter cve@mitre.org Modified 2016-12-07T18:11:00
Description
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.
{"nessus": [{"lastseen": "2021-01-17T11:51:48", "description": "Updated mediawiki packages fix security vulnerabilities :\n\nIn MediaWiki before 1.23.9, one could circumvent the SVG MIME\nblacklist for embedded resources. This allowed an attacker to embed\nJavaScript in the SVG (CVE-2015-2931).\n\nIn MediaWiki before 1.23.9, the SVG filter to prevent injecting\nJavaScript using animate elements was incorrect (CVE-2015-2932).\n\nIn MediaWiki before 1.23.9, a stored XSS vulnerability exists due to\nthe way attributes were expanded in MediaWiki's Html class, in\ncombination with LanguageConverter substitutions (CVE-2015-2933).\n\nIn MediaWiki before 1.23.9, MediaWiki's SVG filtering could be\nbypassed with entity encoding under the Zend interpreter. This could\nbe used to inject JavaScript (CVE-2015-2934).\n\nIn MediaWiki before 1.23.9, one could bypass the style filtering for\nSVG files to load external resources. This could violate the anonymity\nof users viewing the SVG (CVE-2015-2935).\n\nIn MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for\npassword hashing (not the default for 1.23) are vulnerable to DoS\nattacks using extremely long passwords (CVE-2015-2936).\n\nIn MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic\nBlowup DoS attacks, under both HHVM and Zend PHP (CVE-2015-2937).\n\nIn MediaWiki before 1.23.9, the MediaWiki feature allowing a user to\npreview another user's custom JavaScript could be abused for privilege\nescalation (CVE-2015-2938).\n\nIn MediaWiki before 1.23.9, function names were not sanitized in Lua\nerror backtraces, which could lead to XSS (CVE-2015-2939).\n\nIn MediaWiki before 1.23.9, the CheckUser extension did not prevent\nCSRF attacks on the form allowing checkusers to look up sensitive\ninformation about other users. Since the use of CheckUser is logged,\nthe CSRF could be abused to defame a trusted user or flood the logs\nwith noise (CVE-2015-2940).\n\nThe mediawiki package has been updated to version 1.23.9, fixing these\nissues and other bugs.", "edition": 26, "published": "2015-04-10T00:00:00", "title": "Mandriva Linux Security Advisory : mediawiki (MDVSA-2015:200)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-2935"], "modified": "2015-04-10T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:mediawiki-pgsql", "p-cpe:/a:mandriva:linux:mediawiki-mysql", "p-cpe:/a:mandriva:linux:mediawiki-sqlite", "p-cpe:/a:mandriva:linux:mediawiki"], "id": "MANDRIVA_MDVSA-2015-200.NASL", "href": "https://www.tenable.com/plugins/nessus/82686", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:200. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82686);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-2931\", \"CVE-2015-2932\", \"CVE-2015-2933\", \"CVE-2015-2934\", \"CVE-2015-2935\", \"CVE-2015-2936\", \"CVE-2015-2937\", \"CVE-2015-2938\", \"CVE-2015-2939\", \"CVE-2015-2940\");\n script_bugtraq_id(73477);\n script_xref(name:\"MDVSA\", value:\"2015:200\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mediawiki (MDVSA-2015:200)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mediawiki packages fix security vulnerabilities :\n\nIn MediaWiki before 1.23.9, one could circumvent the SVG MIME\nblacklist for embedded resources. This allowed an attacker to embed\nJavaScript in the SVG (CVE-2015-2931).\n\nIn MediaWiki before 1.23.9, the SVG filter to prevent injecting\nJavaScript using animate elements was incorrect (CVE-2015-2932).\n\nIn MediaWiki before 1.23.9, a stored XSS vulnerability exists due to\nthe way attributes were expanded in MediaWiki's Html class, in\ncombination with LanguageConverter substitutions (CVE-2015-2933).\n\nIn MediaWiki before 1.23.9, MediaWiki's SVG filtering could be\nbypassed with entity encoding under the Zend interpreter. This could\nbe used to inject JavaScript (CVE-2015-2934).\n\nIn MediaWiki before 1.23.9, one could bypass the style filtering for\nSVG files to load external resources. This could violate the anonymity\nof users viewing the SVG (CVE-2015-2935).\n\nIn MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for\npassword hashing (not the default for 1.23) are vulnerable to DoS\nattacks using extremely long passwords (CVE-2015-2936).\n\nIn MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic\nBlowup DoS attacks, under both HHVM and Zend PHP (CVE-2015-2937).\n\nIn MediaWiki before 1.23.9, the MediaWiki feature allowing a user to\npreview another user's custom JavaScript could be abused for privilege\nescalation (CVE-2015-2938).\n\nIn MediaWiki before 1.23.9, function names were not sanitized in Lua\nerror backtraces, which could lead to XSS (CVE-2015-2939).\n\nIn MediaWiki before 1.23.9, the CheckUser extension did not prevent\nCSRF attacks on the form allowing checkusers to look up sensitive\ninformation about other users. Since the use of CheckUser is logged,\nthe CSRF could be abused to defame a trusted user or flood the logs\nwith noise (CVE-2015-2940).\n\nThe mediawiki package has been updated to version 1.23.9, fixing these\nissues and other bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0142.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mediawiki-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-1.23.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-mysql-1.23.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-pgsql-1.23.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"mediawiki-sqlite-1.23.9-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:07:05", "description": "According to its version number, the MediaWiki application running on\nthe remote host is affected by the following vulnerabilities :\n\n - An input validation error exists related to handling\n API errors that allows reflected cross-site scripting\n attacks. (CVE-2014-9714, CVE-2015-2941)\n\n - An input validation error exists related to SVG file\n uploads that allows stored cross-site scripting attacks\n by bypassing a missing MIME type blacklist.\n (CVE-2015-2931)\n\n - An input validation error exists related to the handling\n of JavaScript used to animate elements in the\n 'includes/upload/UploadBase.php' script that allows a\n remote attacker to bypass the blacklist filter.\n (CVE-2015-2932)\n\n - An input validation error exists in the\n 'includes/Html.php' script that allows stored cross-site\n scripting attacks. (CVE-2015-2933)\n\n - A flaw in the 'includes/libs/XmlTypeCheck.php' script\n allows a remote attacker to bypass the SVG filter by\n encoding SVG entities. (CVE-2015-2934)\n\n - A flaw in the 'includes/upload/UploadBase.php' script\n allows a remote attacker to bypass the SVG filter and\n de-anonymize the wiki readers. This issue exists due to\n an incomplete fix for CVE-2014-7199. (CVE-2015-2935)\n\n - A denial of service vulnerability exists due to a flaw\n in the handling of hashing large PBKDF2 passwords.\n (CVE-2015-2936)\n\n - A denial of service vulnerability exists due to an XML\n external entity injection (XXE) flaw that is triggered\n by the parsing of crafted XML data. (CVE-2015-2937)\n\n - An input validation error exists related to the\n user-supplied custom JavaScript that allows stored\n cross-site scripting attacks. (CVE-2015-2938)\n\n - An input validation error exists related to the\n Scribunto extension that allows stored cross-site\n scripting attacks. (CVE-2015-2939)\n\n - A flaw in the CheckUser extension allows cross-site\n request forgery attacks due to a flaw in which user\n rights are not properly checked. (CVE-2015-2940)\n\n - A denial of service vulnerability exists due to an\n XML external entity (XXE) injection flaw triggered by\n the parsing of crafted XML data in SVG or XMP files.\n (CVE-2015-2942)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of input encoded entities in SVG\n files. An unauthenticated, remote attacker can exploit\n this, via a specially crafted request, to execute\n arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 29, "published": "2015-06-12T00:00:00", "title": "MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2934", "CVE-2015-2938", "CVE-2014-9714", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2014-7199", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-2935"], "modified": "2015-06-12T00:00:00", "cpe": ["cpe:/a:mediawiki:mediawiki"], "id": "MEDIAWIKI_1_24_2.NASL", "href": "https://www.tenable.com/plugins/nessus/84164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84164);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-9714\",\n \"CVE-2015-2931\",\n \"CVE-2015-2932\",\n \"CVE-2015-2933\",\n \"CVE-2015-2934\",\n \"CVE-2015-2935\",\n \"CVE-2015-2936\",\n \"CVE-2015-2937\",\n \"CVE-2015-2938\",\n \"CVE-2015-2939\",\n \"CVE-2015-2940\",\n \"CVE-2015-2941\",\n \"CVE-2015-2942\"\n );\n script_bugtraq_id(73477, 74061);\n\n script_name(english:\"MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MediaWiki version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the MediaWiki application running on\nthe remote host is affected by the following vulnerabilities :\n\n - An input validation error exists related to handling\n API errors that allows reflected cross-site scripting\n attacks. (CVE-2014-9714, CVE-2015-2941)\n\n - An input validation error exists related to SVG file\n uploads that allows stored cross-site scripting attacks\n by bypassing a missing MIME type blacklist.\n (CVE-2015-2931)\n\n - An input validation error exists related to the handling\n of JavaScript used to animate elements in the\n 'includes/upload/UploadBase.php' script that allows a\n remote attacker to bypass the blacklist filter.\n (CVE-2015-2932)\n\n - An input validation error exists in the\n 'includes/Html.php' script that allows stored cross-site\n scripting attacks. (CVE-2015-2933)\n\n - A flaw in the 'includes/libs/XmlTypeCheck.php' script\n allows a remote attacker to bypass the SVG filter by\n encoding SVG entities. (CVE-2015-2934)\n\n - A flaw in the 'includes/upload/UploadBase.php' script\n allows a remote attacker to bypass the SVG filter and\n de-anonymize the wiki readers. This issue exists due to\n an incomplete fix for CVE-2014-7199. (CVE-2015-2935)\n\n - A denial of service vulnerability exists due to a flaw\n in the handling of hashing large PBKDF2 passwords.\n (CVE-2015-2936)\n\n - A denial of service vulnerability exists due to an XML\n external entity injection (XXE) flaw that is triggered\n by the parsing of crafted XML data. (CVE-2015-2937)\n\n - An input validation error exists related to the\n user-supplied custom JavaScript that allows stored\n cross-site scripting attacks. (CVE-2015-2938)\n\n - An input validation error exists related to the\n Scribunto extension that allows stored cross-site\n scripting attacks. (CVE-2015-2939)\n\n - A flaw in the CheckUser extension allows cross-site\n request forgery attacks due to a flaw in which user\n rights are not properly checked. (CVE-2015-2940)\n\n - A denial of service vulnerability exists due to an\n XML external entity (XXE) injection flaw triggered by\n the parsing of crafted XML data in SVG or XMP files.\n (CVE-2015-2942)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of input encoded entities in SVG\n files. An unauthenticated, remote attacker can exploit\n this, via a specially crafted request, to execute\n arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfc5045c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.24\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mediawiki.org/wiki/Release_notes/1.24#MediaWiki_1.24.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.securiteam.com/index.php/archives/2669\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MediaWiki version 1.19.24 / 1.23.9 / 1.24.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2940\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mediawiki:mediawiki\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mediawiki_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/MediaWiki\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MediaWiki\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\nversion = install['version'];\ninstall_url = build_url(qs:install['path'], port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.19\\.(\\d|1\\d|2[0-3])([^0-9]|$)\" ||\n version =~ \"^1\\.23\\.[0-8]([^0-9]|$)\" ||\n version =~ \"^1\\.24\\.[01]([^0-9]|$)\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed versions : 1.19.24 / 1.23.9 / 1.24.2' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:04:46", "description": "The remote host is affected by the vulnerability described in GLSA-201510-05\n(MediaWiki: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to create a Denial of Service condition,\n obtain sensitive information, bypass security restrictions, and inject\n arbitrary web script or HTML.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2015-11-02T00:00:00", "title": "GLSA-201510-05 : MediaWiki: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6736", "CVE-2015-6737", "CVE-2015-6728", "CVE-2015-6731", "CVE-2015-6734", "CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-6730", "CVE-2015-6733", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-6729", "CVE-2015-2935", "CVE-2015-6732", "CVE-2015-6735"], "modified": "2015-11-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mediawiki"], "id": "GENTOO_GLSA-201510-05.NASL", "href": "https://www.tenable.com/plugins/nessus/86690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201510-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86690);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2931\", \"CVE-2015-2932\", \"CVE-2015-2933\", \"CVE-2015-2934\", \"CVE-2015-2935\", \"CVE-2015-2936\", \"CVE-2015-2937\", \"CVE-2015-2938\", \"CVE-2015-2939\", \"CVE-2015-2940\", \"CVE-2015-2941\", \"CVE-2015-2942\", \"CVE-2015-6728\", \"CVE-2015-6729\", \"CVE-2015-6730\", \"CVE-2015-6731\", \"CVE-2015-6732\", \"CVE-2015-6733\", \"CVE-2015-6734\", \"CVE-2015-6735\", \"CVE-2015-6736\", \"CVE-2015-6737\");\n script_xref(name:\"GLSA\", value:\"201510-05\");\n\n script_name(english:\"GLSA-201510-05 : MediaWiki: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201510-05\n(MediaWiki: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MediaWiki. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to create a Denial of Service condition,\n obtain sensitive information, bypass security restrictions, and inject\n arbitrary web script or HTML.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201510-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MediaWiki 1.25 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.25.2'\n All MediaWiki 1.24 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.24.3'\n All MediaWiki 1.23 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.23.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/mediawiki\", unaffected:make_list(\"ge 1.25.2\", \"rge 1.24.3\", \"rge 1.23.10\"), vulnerable:make_list(\"lt 1.25.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MediaWiki\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-2935"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:200\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : mediawiki\r\n Date : April 10, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated mediawiki packages fix security vulnerabilities:\r\n \r\n In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist\r\n for embedded resources. This allowed an attacker to embed JavaScript\r\n in the SVG (CVE-2015-2931).\r\n \r\n In MediaWiki before 1.23.9, the SVG filter to prevent injecting\r\n JavaScript using animate elements was incorrect (CVE-2015-2932).\r\n \r\n In MediaWiki before 1.23.9, a stored XSS vulnerability exists due\r\n to the way attributes were expanded in MediaWiki's Html class, in\r\n combination with LanguageConverter substitutions (CVE-2015-2933).\r\n \r\n In MediaWiki before 1.23.9, MediaWiki's SVG filtering could be bypassed\r\n with entity encoding under the Zend interpreter. This could be used\r\n to inject JavaScript (CVE-2015-2934).\r\n \r\n In MediaWiki before 1.23.9, one could bypass the style filtering for\r\n SVG files to load external resources. This could violate the anonymity\r\n of users viewing the SVG (CVE-2015-2935).\r\n \r\n In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for\r\n password hashing (not the default for 1.23) are vulnerable to DoS\r\n attacks using extremely long passwords (CVE-2015-2936).\r\n \r\n In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic\r\n Blowup DoS attacks, under both HHVM and Zend PHP (CVE-2015-2937).\r\n \r\n In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to\r\n preview another user's custom JavaScript could be abused for privilege\r\n escalation (CVE-2015-2938).\r\n \r\n In MediaWiki before 1.23.9, function names were not sanitized in Lua\r\n error backtraces, which could lead to XSS (CVE-2015-2939).\r\n \r\n In MediaWiki before 1.23.9, the CheckUser extension did not prevent\r\n CSRF attacks on the form allowing checkusers to look up sensitive\r\n information about other users. Since the use of CheckUser is logged,\r\n the CSRF could be abused to defame a trusted user or flood the logs\r\n with noise (CVE-2015-2940).\r\n \r\n The mediawiki package has been updated to version 1.23.9, fixing\r\n these issues and other bugs.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2931\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2932\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2933\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2934\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2935\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2936\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2937\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2938\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2940\r\n http://advisories.mageia.org/MGASA-2015-0142.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 0a5719c634720b2f09037024a6d92d87 mbs1/x86_64/mediawiki-1.23.9-1.mbs1.noarch.rpm\r\n c1e4e0b2eaea6bc47bf1d97af2d8de9d mbs1/x86_64/mediawiki-mysql-1.23.9-1.mbs1.noarch.rpm\r\n 305c803833c271e39ae22f8ab5b04db1 mbs1/x86_64/mediawiki-pgsql-1.23.9-1.mbs1.noarch.rpm\r\n a809cbf86973b4735d0fb874ebbe392b mbs1/x86_64/mediawiki-sqlite-1.23.9-1.mbs1.noarch.rpm \r\n 0b17278c7df09036f5767b88fbc82be7 mbs1/SRPMS/mediawiki-1.23.9-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFVJ1TJmqjQ0CJFipgRApYDAJ9rJau34w29lPzFkaWl2FGTkk25ZgCgvZRx\r\n6mm0PNl6l4BvWIB3H2gyscM=\r\n=Ma5j\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-12T00:00:00", "published": "2015-05-12T00:00:00", "id": "SECURITYVULNS:DOC:32097", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32097", "title": "[ MDVSA-2015:200 ] mediawiki", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-2750", "CVE-2015-2172", "CVE-2015-0225", "CVE-2014-9258", "CVE-2015-2843", "CVE-2015-0845", "CVE-2015-2845", "CVE-2014-2027", "CVE-2014-8764", "CVE-2015-2844", "CVE-2014-8360", "CVE-2014-2685", "CVE-2014-5361", "CVE-2014-8762", "CVE-2015-2206", "CVE-2015-2934", "CVE-2014-8761", "CVE-2015-2938", "CVE-2015-2749", "CVE-2014-8763", "CVE-2015-2933", "CVE-2014-5020", "CVE-2015-2939", "CVE-2014-2682", "CVE-2014-5021", "CVE-2015-2940", "CVE-2014-2983", "CVE-2014-3704", "CVE-2015-2781", "CVE-2014-9253", "CVE-2015-2842", "CVE-2014-8089", "CVE-2015-2690", "CVE-2015-2932", "CVE-2015-2937", "CVE-2014-5019", "CVE-2015-1773", "CVE-2015-2559", "CVE-2014-5022", "CVE-2015-2931", "CVE-2014-2684", "CVE-2014-4914", "CVE-2014-5362", "CVE-2014-5032", "CVE-2015-2936", "CVE-2015-2935", "CVE-2014-2683", "CVE-2014-2681", "CVE-2015-2560"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2015-05-12T00:00:00", "published": "2015-05-12T00:00:00", "id": "SECURITYVULNS:VULN:14479", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14479", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:50:42", "bulletinFamily": "info", "cvelist": ["CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-2935"], "description": "### *Detect date*:\n04/13/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in MediaWiki. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code, cause denial of service or obtain sensitive information.\n\n### *Affected products*:\nMediaWiki versions earlier than 1.19.24 \nMediaWiki 1.2x versions earlier than 1.23.9 \nMediaWiki 1.24.x versions earlier than 1.24.2\n\n### *Solution*:\nUpdate to the latest version. \n[Get MediaWiki](<https://www.mediawiki.org/wiki/Download>)\n\n### *Original advisories*:\n[MediaWiki notice](<https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MediaWiki](<https://threats.kaspersky.com/en/product/MediaWiki/>)\n\n### *CVE-IDS*:\n[CVE-2015-2941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2941>)4.3Warning \n[CVE-2015-2942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2942>)7.1High \n[CVE-2015-2932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2932>)4.3Warning \n[CVE-2015-2931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2931>)4.3Warning \n[CVE-2015-2938](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2938>)4.3Warning \n[CVE-2015-2937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2937>)7.1High \n[CVE-2015-2936](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2936>)7.1High \n[CVE-2015-2935](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2935>)5.0Critical \n[CVE-2015-2939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939>)4.3Warning \n[CVE-2015-2940](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2940>)6.8High \n[CVE-2015-2933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2933>)4.3Warning \n[CVE-2015-2934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2934>)4.3Warning", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2015-04-13T00:00:00", "id": "KLA10545", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10545", "title": "\r KLA10545Multiple vulnerabilities in MediaWiki and extensions ", "type": "kaspersky", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2014-7199", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-2935"], "description": "- CVE-2015-2931 (cross-side scripting)\n\nIt was discovered that MIME types were not properly restricted, allowing\na way to circumvent the SVG MIME blacklist for embedded resources. This\nallowed an attacker to embed JavaScript in a SVG file.\n\n- CVE-2015-2932 (cross-side scripting)\n\nThe SVG filter to prevent injecting JavaScript using animate elements\nwas incorrect. The list of dangerous parts of HTML5 is supposed to\ninclude all uses of 'animate attributename="xlink:href"' in SVG documents.\n\n- CVE-2015-2933 (cross-side scripting)\n\nA persistent XSS vulnerability was discovered due to the way attributes\nwere expanded in MediaWiki's HTML class, in combination with\nLanguageConverter substitutions.\n\n- CVE-2015-2934 (cross-side scripting)\n\nIt was discovered that MediaWiki's SVG filtering could be bypassed with\nentity encoding under the Zend interpreter. This could be used to inject\nJavaScript.\n\n- CVE-2015-2935 (external resource loading)\n\nA way was discovered to bypass the style filtering for SVG files to load\nexternal resource. This could violate the anonymity of users viewing the\nSVG. This issue exists because of an incomplete fix for CVE-2014-7199.\n\n- CVE-2015-2936 (denial of service)\n\nIt was discovered that MediaWiki versions using PBKDF2 for password\nhashing (the default since 1.24) are vulnerable to DoS attacks using\nextremely long passwords.\n\n- CVE-2015-2937 (denial of service)\n\nIt was discovered that MediaWiki is vulnerable to "Quadratic Blowup"\ndenial of service attacks.\n\n- CVE-2015-2938 (cross-side scripting)\n\nIt was discovered that the MediaWiki feature allowing a user to preview\nanother user's custom JavaScript could be abused for privilege\nescalation. This feature has been removed.\n\n- CVE-2015-2939 (cross-side scripting)\n\nIt was discovered that function names were not sanitized in Lua error\nbacktraces, which could lead to XSS.\n\n- CVE-2015-2940 (cross-side request forgery)\n\nIt was discovered that the CheckUser extension did not prevent CSRF\nattacks on the form allowing checkusers to look up sensitive information\nabout other users. Since the use of CheckUser is logged, the CSRF could\nbe abused to defame a trusted user or flood the logs with noise.\n\n- CVE-2015-2941 (cross-side scripting)\n\nIt was discovered that XSS is possible in the way api errors were\nreflected under HHVM versions before 3.6.1. MediaWiki now detects and\nmitigates this issue on older versions of HHVM.\n\n- CVE-2015-2942 (denial of service)\n\nIt was discovered that MediaWiki's SVG and XMP parsing running under\nHHVM was susceptible to "Billion Laughs" DoS attacks.", "modified": "2015-04-10T00:00:00", "published": "2015-04-10T00:00:00", "id": "ASA-201504-11", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html", "type": "archlinux", "title": "mediawiki: multiple issues", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6736", "CVE-2015-6737", "CVE-2015-6728", "CVE-2015-6731", "CVE-2015-6734", "CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-6730", "CVE-2015-6733", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-6729", "CVE-2015-2935", "CVE-2015-6732", "CVE-2015-6735"], "description": "Gentoo Linux Local Security Checks GLSA 201510-05", "modified": "2018-10-26T00:00:00", "published": "2015-11-08T00:00:00", "id": "OPENVAS:1361412562310121418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121418", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201510-05", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201510-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121418\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-08 13:04:38 +0200 (Sun, 08 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201510-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201510-05\");\n script_cve_id(\"CVE-2015-2931\", \"CVE-2015-2932\", \"CVE-2015-2933\", \"CVE-2015-2934\", \"CVE-2015-2935\", \"CVE-2015-2936\", \"CVE-2015-2937\", \"CVE-2015-2938\", \"CVE-2015-2939\", \"CVE-2015-2940\", \"CVE-2015-2941\", \"CVE-2015-2942\", \"CVE-2015-6728\", \"CVE-2015-6729\", \"CVE-2015-6730\", \"CVE-2015-6731\", \"CVE-2015-6732\", \"CVE-2015-6733\", \"CVE-2015-6734\", \"CVE-2015-6735\", \"CVE-2015-6736\", \"CVE-2015-6737\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201510-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.25.2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.24.3\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(\"ge 1.23.10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-apps/mediawiki\", unaffected: make_list(), vulnerable: make_list(\"lt 1.25.2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6736", "CVE-2015-6737", "CVE-2015-6728", "CVE-2015-6731", "CVE-2015-6734", "CVE-2015-2934", "CVE-2015-2938", "CVE-2015-2933", "CVE-2015-2942", "CVE-2015-2939", "CVE-2015-2940", "CVE-2015-2941", "CVE-2015-2932", "CVE-2015-2937", "CVE-2015-6730", "CVE-2015-6733", "CVE-2015-2931", "CVE-2015-2936", "CVE-2015-6729", "CVE-2015-2935", "CVE-2015-6732", "CVE-2015-6735"], "description": "### Background\n\nMediaWiki is a collaborative editing software used by large projects such as Wikipedia. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MediaWiki 1.25 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.25.2\"\n \n\nAll MediaWiki 1.24 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.24.3\"\n \n\nAll MediaWiki 1.23 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/mediawiki-1.23.10\"", "edition": 1, "modified": "2015-10-31T00:00:00", "published": "2015-10-31T00:00:00", "id": "GLSA-201510-05", "href": "https://security.gentoo.org/glsa/201510-05", "type": "gentoo", "title": "MediaWiki: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
